the birdhouse in my soul
plenty of grains to pick
http://virtwo.blogspot.com/
noreply@blogger.com (Bert de Bruijn)
Wed, 03 Dec 2014 08:48:15 +0000

GEM WS2 MIDI System Exclusive structure and checksums
Sat, 19 Jul 2014 10:10:00 +0000 (updated 2014-11-09T22:26:12.768+01:00)
Tags: MIDI, SysEx

MIDI is the standard for communication between electronic music instruments like keyboards and synthesizers. And computers! While tinkering with an old floppy-less GEM WS2 keyboard, I wanted to figure out the structure of their System Exclusive memory dumps. SysEx is the vendor-specific (and non-standard) part of MIDI. Vendors can use it for real-time instructions (changing a sound parameter in real-time) and for non-real-time instructions (sending or loading a configuration, sample set, etc.).<br /><br />In the GEM WS2, there are two ways of saving the memory (voices, globals, styles and songs): in .ALL files on floppy, and via MIDI SysEx.<br /><br />The .ALL files are binary files, 60415 bytes long. The only recognizable parts are the ASCII encoded voice and global names. The SysEx dumps are 73691 bytes long. As always in MIDI, only command start (and end) bytes have MSB 1, and all data bytes have MSB 0. 
The data is spread out over 576 SysEx packets, preceded by one SysEx packet with header information.<br /><br />Each SysEx data packet starts with these bytes (decimal representation):<br /><br /><ul><li>240 (SysEx start)&nbsp;</li><li>47 (GeneralMusic / GEM / Elka manufacturer ID)&nbsp;</li><li>0&nbsp;</li><li>2 (the header packet has a 1 here, the data packets have a 2)&nbsp;</li><li>a six-bit packet counter (data packet number MOD 64)</li><li>15 (data length, discussed below)</li><li>then there's room for 120 data bytes</li><li>one checksum byte (discussed below)</li><li>247 (SysEx end)</li></ul><br /><br />Because the original data (the WS2 memory and the .ALL file) has 8 bits per byte, and MIDI SysEx bytes can only have 7 bits (MSB 0), GEM uses an encoding to go from one to the other:<br />Seven 8-bit bytes have their LSB stripped, and the seven LSBs together form byte number 8: the LSB of the first of the seven bytes goes into the LSB of byte number 8, and so on up to the LSB of the last of the seven bytes in bit number 7 (decimal value 64).<br />Using this encoding, a group of 7 bytes from the .ALL format is transformed into a group of 8 SysEx bytes.<br /><br />The length byte in each data packet indicates how many of those byte groups there are in the current data packet. Data is sent per 15 byte groups, resulting in a 127 byte SysEx packet, with the last data packet containing the remaining 6 byte groups. There are only five bytes in the .ALL format to fill the last byte group of the last data packet, and that byte group is padded with two FF (255) bytes.<br /><br />The checksum byte is calculated as the XOR of all other bytes in the SysEx data packet, excluding the 240 and 247 start and stop bytes. When receiving a SysEx dump, the total XOR checksum of the bytes between 240 and 247 should therefore always be 0. (NB this is substantially different from the Roland way of doing SysEx checksums).<br /><br />With this knowledge, I wrote a Perl script to convert .ALL files to SysEx (known as .syx) bytestreams. 
Owners of GEM WS1/WS2/WS400 keyboards who find themselves without floppies or without a working floppy drive can now load their .ALL files via a computer (with e.g. MIDI-OX or SysEx Librarian). If interested, send me an e-mail!
http://virtwo.blogspot.com/2014/07/gem-ws2-midi-system-exclusive-structure.html
noreply@blogger.com (Bert de Bruijn)

Identifying virtual disks in Linux on vSphere
Sat, 14 Dec 2013 22:40:00 +0000 (updated 2013-12-14T23:40:01.987+01:00)

A default virtual machine has straightforward hardware. A single SCSI disk on a single SCSI card, for example. Having multiple SCSI disks or cards in a VM creates the need for in-guest identification. Linux complicates matters slightly by using alphabetical disk naming: /dev/sda, /dev/sdb, ... /dev/sdz, /dev/sdaa, /dev/sdab, ... This post looks at how you can identify individual disks in a VMware virtual machine.<br /><br />Executive summary: VMware notation "X:Y" typically maps onto Linux scsi(X+2), Id:Y, which are then named in ascending order with /dev/sd* identifiers.<br /><br /><a name='more'></a><br />The first step is to identify the SCSI cards:<br /><br />The first two "scsi host" entries you'll see are the virtual IDE controllers, which Linux drives using its SCSI layer too. VMware uses these for one CD-ROM device (max four). The third "scsi host" called "host2" is the first virtual SCSI card. In the VM definition (the VMX file) you'd see this:<br /><br /><span style="font-family: Courier New, Courier, monospace;">[root@testhost ~]# cd /sys/class/scsi_host</span><br /><span style="font-family: Courier New, Courier, monospace;">[root@testhost scsi_host]# ls -l</span><br /><span style="font-family: Courier New, Courier, monospace;">total 0</span><br /><span style="font-family: Courier New, Courier, monospace;">lrwxrwxrwx. 
1 root root 0 May 22 &nbsp;2013 host0 -&gt; ../../devices/pci0000:00/0000:00:07.1/host0/scsi_host/host0</span><br /><span style="font-family: Courier New, Courier, monospace;">lrwxrwxrwx. 1 root root 0 May 22 &nbsp;2013 host1 -&gt; ../../devices/pci0000:00/0000:00:07.1/host1/scsi_host/host1</span><br /><span style="background-color: white; color: #38761d; font-family: Courier New, Courier, monospace;">lrwxrwxrwx. 1 root root 0 May 22 &nbsp;2013 host2 -&gt; ../../devices/pci0000:00/0000:00:10.0/host2/scsi_host/host2</span><br /><span style="font-family: Courier New, Courier, monospace;"><br /></span><span style="font-family: inherit;">Every device in /proc/scsi/scsi will be identified with the host that it's connected to. That, and the "Id" number,&nbsp;</span><br /><span style="font-family: Courier New, Courier, monospace;"><br /></span><span style="font-family: Courier New, Courier, monospace;">[root@testhost scsi_host]# cat /proc/scsi/scsi</span><br /><span style="font-family: Courier New, Courier, monospace;">Attached devices:</span><br /><span style="font-family: Courier New, Courier, monospace;">Host: scsi1 Channel: 00 Id: 00 Lun: 00</span><br /><span style="font-family: Courier New, Courier, monospace;">&nbsp; Vendor: NECVMWar Model: VMware IDE CDR10 Rev: 1.00</span><br /><span style="font-family: Courier New, Courier, monospace;">&nbsp; Type: &nbsp; CD-ROM &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ANSI &nbsp;SCSI revision: 05</span><br /><span style="color: #38761d; font-family: Courier New, Courier, monospace;">Host: scsi2 Channel: 00 Id: 00 Lun: 00</span><br /><span style="color: #38761d; font-family: Courier New, Courier, monospace;">&nbsp; Vendor: VMware &nbsp; Model: Virtual disk &nbsp; &nbsp; Rev: 1.0&nbsp;</span><br /><span style="color: #38761d; font-family: Courier New, Courier, monospace;">&nbsp; Type: &nbsp; Direct-Access &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ANSI 
&nbsp;SCSI revision: 02</span><br /><br />What VMware calls "0:0" is the disk on the first SCSI card (scsi2 in Linux), and "Id: 00". The default second disk would be virtually shown on "0:1", being scsi2 "Id: 01".<br /><br /><b>So in general, "SCSI disk X:Y" in VMware means scsi(X+2) ID: Y in Linux.</b><br /><br />Linux names its disk devices at discovery time, during the boot cycle. So first the disks on scsi2 would be scanned, then scsi3, scsi4 and scsi5. On each scsi_host the disks will be added in ascending order, Id:00 first, up to 06, then 08 up to 15.<br /><br />The only situation where this could be different is if you hot-add virtual disks or virtual SCSI cards without rebooting Linux. Both of these actions are supported in VMware, and by the Linux kernel. Those new cards and disks would be added to the list after the pre-existing ones, and no live device renaming/reordering happens for obvious reasons.<br /><br />In a multiple SCSI card configuration you might notice that, while scsi2 (first virtual SCSI card) shows up on PCI bus 10, scsi3-5 show up behind a PCI bridge on PCI bus 11, together with the virtual network device(s).<br /><br />On vSphere 5.5 and higher, both CD-ROM and disk devices can be shown on virtual SATA controllers, driven in Linux by the ahci driver. Each VMware virtual SATA controller (PCI ID 15ad:07e0 behind a PCI bridge on bus 11) will show up as 30 (!) scsi_host entries, and each can connect to one disk. The virtual disk number VMware shows will be translated into the corresponding scsi_host number as reported by Linux. 
Device enumeration will still happen in ascending order over the scsi_hosts as before.
http://virtwo.blogspot.com/2013/12/identifying-virtual-disks-in-linux-on.html
noreply@blogger.com (Bert de Bruijn)

which vSphere version is my VM running on?
Sat, 14 Dec 2013 22:05:00 +0000 (updated 2013-12-14T23:05:45.543+01:00)

(an update of an older post, now complete up to vSphere 5.5)<br /><br />Your Linux runs on a VMware VM, but on which ESXi version? You can see for yourself: run "dmidecode" and look at lines 10, 11 and 12.<br /><span style="font-family: courier new;">ESX 2.5 - BIOS Release Date: 04/21/2004 - Address 0xE8480 - Size 97152 bytes</span><br /><span style="font-family: courier new;">ESX 3.0 - BIOS Release Date: 04/17/2006 - Address 0xE7C70 - Size 99216 bytes</span><br /><span style="font-family: courier new;">ESX 3.5 - BIOS Release Date: 01/30/2008 - Address 0xE7910 - Size 100080 bytes<br />ESX 4 - BIOS Release Date: 08/15/2008 - Address 0xEA6C0 - Size 88384 bytes<br />ESX 4U1 - BIOS Release Date: 09/22/2009 - Address 0xEA550 - Size 88752 bytes<br />ESX 4.1 - BIOS Release Date: 10/13/2009 - Address 0xEA2E0 - Size 89376 bytes<br />ESXi 5 - BIOS Release Date: 01/07/2011 - Address 0xE72C0 - Size 101696 bytes</span><br /><span style="font-family: courier new;">ESXi 5.1 - BIOS Release Date: 06/22/2012 -&nbsp;</span><span style="font-family: 'courier new';">Address: 0xEA0C0 -</span><span style="font-family: 'courier new';">&nbsp;Size: 89920 bytes</span><br /><span style="font-family: 'courier new';">ESXi 5.5 - BIOS&nbsp;</span><span style="font-family: courier new;">Release Date: 07/30/2013 -</span><span style="font-family: 'courier new';">&nbsp;Address: 0xEA050 -</span><span style="font-family: 'courier new';">&nbsp;Size: 90032 bytes</span><br /><span style="font-family: 'courier new';"><br /></span><span style="font-family: inherit;">NB These DMI properties are set at boot time. 
Even if your VM gets live-migrated to a host running a different vSphere version, your VM will keep the values it got from the host it booted on.</span>
http://virtwo.blogspot.com/2013/12/which-vsphere-version-is-my-vm-running.html
noreply@blogger.com (Bert de Bruijn)

VMware Certified Associate exams half-price until 31/1/2014
Sat, 09 Nov 2013 14:48:00 +0000 (updated 2013-12-02T22:04:59.332+01:00)

Using a voucher code, anyone can do a VCA exam (datacenter virtualization, cloud, or desktop, and maybe network when it becomes available) for half the regular price. VCA is a certification that you can do from the comfort of your desk! Enroll at http://vmware.com/certification/ . To do the exam for half the normal price, use this voucher code:&nbsp;<span style="background-color: white; color: #202020; font-family: arial, sans-serif; font-size: 13px; line-height: 18px;">VMRT4B425324.</span><br /><div>Best of luck to anyone who tries!<br /><br />NB This code used to reduce the exam price to 0, rendering VCA certification completely free, but starting somewhere in December 2013, the discount will be reduced to 50%.</div>
http://virtwo.blogspot.com/2013/11/vmware-certified-associate-exams-are.html
noreply@blogger.com (Bert de Bruijn)

downloading protected/embedded videos - the hard way
Mon, 30 Sep 2013 13:18:00 +0000 (updated 2013-09-30T15:18:50.919+02:00)

Charged with the task to save a news broadcast for posterity, I wanted to download a video that was only available through an embedded "JW Player" videoplayer on a website. 
Time was not on my side: the video would be purged from the site within a week.<br /><br />In the HTML source of the webpage containing the video, I found tags like<br /><table><tbody><tr></tr><tr><td class="webkit-line-content"><span class="webkit-html-attribute-name">data-video-src</span>="<span class="webkit-html-attribute-value">http://media.<span style="color: red;">XYZ</span>nieuws.net/GEO2013/09/230916509ONL1309244843676.GeoFLVLong.flv</span>"<br /><span style="font-family: inherit;"><span class="webkit-html-attribute-name" style="white-space: pre-wrap;">data-video-iphone-path</span><span style="white-space: pre-wrap;">="</span><span class="webkit-html-attribute-value" style="white-space: pre-wrap;">GEO2013/09/230916509ONL1309244843676.GeoMP4_H.264.m4v</span></span></td></tr><tr><td class="webkit-line-number">or (from another video)</td></tr></tbody></table><table><tbody><tr></tr><tr><td class="webkit-line-content"><span class="webkit-html-attribute-name">data-video-rtmp-path</span>="<span class="webkit-html-attribute-value">2009/11/132628352ONL0911177754876.urlFLVLong.flv</span>"</td></tr><tr><td class="webkit-line-number"></td></tr></tbody></table><span style="white-space: pre-wrap;">but I couldn't get a clear URL out of the page's source code (URLs anonymized to protect involved parties).</span><br /><span style="white-space: pre-wrap;">After a bit of research (a.o. channeling browser traffic through a proxy and looking at the URLs being requested), the files used by the JW Player were still a mystery to me, but I found the server that was hosting the iphone video files: iphone.<span style="color: red;">WXY</span>power.be. 
And that's where I got lucky: r</span><span style="white-space: pre-wrap;">equesting http://iphone.</span><span style="color: red; white-space: pre-wrap;">WXY</span><span style="white-space: pre-wrap;">power.be/</span><span style="color: red; white-space: pre-wrap;">XYZ</span><span style="white-space: pre-wrap;">nieuws_geomo/_definst_/GEO2013/09/230916509ONL1309244843676.GeoMP4_H.264.m4v/chunklist.m3u8</span><br /><span style="white-space: pre-wrap;">resulted in a list of media_<span style="color: lime;">N</span>.ts files (where N is a number starting from 1, and in this case ranging to 169).</span><br /><span style="white-space: pre-wrap;">Fetching all those files (wget) and concatenating them (cat) into one big file gave me a large mpeg file, playable in VLC. Converting it to mp4 with handbrake reduced it to 75% of its original size.</span>
http://virtwo.blogspot.com/2013/09/downloading-protectedembedded-videos.html
noreply@blogger.com (Bert de Bruijn)

SSD overprovisioning in vSphere
Thu, 25 Jul 2013 11:09:00 +0000 (updated 2013-07-25T13:09:35.461+02:00)

SSD vendors like Samsung or Intel often provide tools to reserve some space on your SSD that can be used by the internal algorithms for better wear-leveling, longevity, garbage collection, and performance. My own Samsung SSD comes with a tool to do that on Windows, for example.<br />But on vSphere, you'll have to do that manually. I see two possibilities:<br /><br /><ol><li>don't format the SSD "full" but instead use "partial", and specify only the amount of the disk that you want to use. The rest is left unpartitioned, and therefore unallocated. You can only do this if you haven't formatted the SSD as VMFS yet. If you have, this second possibility can still help you:</li><li>create a thick-provisioned lazy-zeroed VMDK on the SSD-backed VMFS, either with vmkfstools or by creating a dummy VM. 
Those blocks are allocated, but remain unwritten. You're not going to attach the disk to a running VM, so they won't ever be written to. This effectively reduces the number of blocks that can be written to, leaving the rest open. Caveat: if you've previously removed VMDKs from the volume, you have no guarantee that the underlying blocks are in an unwritten state.</li></ol><br />P.S. Your SSD might have some overprovisioning space built in already. I've always assumed that's the reason some vendors sell 256GB while others sell 240GB models. The latter vendors sell the same amount of flash as the former, but leave 1/16th unallocated.
http://virtwo.blogspot.com/2013/07/ssd-overprovisioning-in-vsphere.html
noreply@blogger.com (Bert de Bruijn)

dd-wrt refusing new configuration: out of NVRAM space
Tue, 23 Jul 2013 08:17:00 +0000 (updated 2013-07-23T10:17:51.145+02:00)

Another post documenting a small issue just so I can google it later: one of the Cisco/Linksys WRT160NL devices (both running DD-WRT) in my environment stopped accepting config changes through its web interface. It happened to be the one I'm using as a NAT gateway and DHCP server, not the one just functioning as access point.<br />A config backup appeared to be full of UPnP rules. Those are port forwarding rules that have been asked for by applications on NATed stations that want to be reachable. Think Skype amongst many others.<br />Clearing the UPnP list solved the problem: click "NAT/QoS", then "UPnP", then "Delete all". 
Apparently the UPnP list filled up the available NVRAM space, which broke all subsequent config changes.
http://virtwo.blogspot.com/2013/07/dd-wrt-refusing-new-configuration-out.html
noreply@blogger.com (Bert de Bruijn)

what's the IP address of my VM
Fri, 31 May 2013 09:18:00 +0000 (updated 2013-05-31T11:18:56.653+02:00)
Tags: ESXi, vsphere

Imagine wanting to access a VM, but you don't know the IP address, and you don't have a GUI client for your vSphere environment. The most basic way of getting the IP address of a VM from the vSphere hypervisor level is logging in to the ESXi Shell (could be local or SSH), and finding your VM number in the VM list:<br /><span style="font-family: Courier New, Courier, monospace;"># vim-cmd vmsvc/getallvms</span><br />In my example, my VM has number 42. Then type<br /><span style="font-family: Courier New, Courier, monospace;"># vim-cmd vmsvc/get.summary 42 | grep ipAddress</span><br /><span style="font-family: Courier New, Courier, monospace;">&nbsp; &nbsp; &nbsp; ipAddress = "10.11.12.13",&nbsp;</span><br /><div>Et voila!<br /><br />NB this requires running VMware tools in your guest OS, evidently.</div>
http://virtwo.blogspot.com/2013/05/whats-ip-address-of-my-vm.html
noreply@blogger.com (Bert de Bruijn)

nomodeset can break Xorg monitor probing
Mon, 04 Mar 2013 13:37:00 +0000 (updated 2013-03-04T14:37:24.651+01:00)
Tags: centos, xorg

Some time ago, a CentOS install on a particular new Dell workstation needed the "nomodeset" kernel parameter to get a graphical login screen to correctly display. This was with a Radeon Firepro 2260 graphics card.<br />After applying the CentOS 6.3 updates, Xorg wouldn't correctly detect the LCD panel's resolution anymore. A 1680x1050 panel would get a 1280x1024 resolution. 
In the days of digital DVI connections, DDC probing and what not, this was unusual and surprising.<br />A lot of searching and testing led to the solution: the nomodeset parameter broke Xorg probing. Rebooting without the nomodeset parameter worked (no graphical problems like I had earlier), and solved the Xorg resolution probing.
http://virtwo.blogspot.com/2013/03/nomodeset-can-break-xorg-monitor-probing.html
noreply@blogger.com (Bert de Bruijn)

Synology RS3413xs+ tech notes
Sat, 05 Jan 2013 14:46:00 +0000 (updated 2013-01-06T16:25:44.017+01:00)
Tags: home lab, NAS, rs3413xs+, Synology

The newest addition to my home lab is a Synology RS3413xs+ NAS. While installing it, I came across a couple of details that I didn't know before buying it. So for other people thinking of buying this unit, here's what I found out:<br /><a name='more'></a><br /><br /><ul><li>If you add network interfaces in the available PCIe slot, they might be numbered _before_ the four onboard interfaces. They were in my case. So onboard 1-4 are eth2-5, and add-on interfaces 1-2 are eth0-1.&nbsp;</li><li>the SSD cache feature only works with identical drives in both cache slots. You can buy two 120GB SSDs, but you can't just add one 240GB SSD. Except if you configure it manually through the CLI, and want to work without Synology support.&nbsp;</li><li>as explained in an earlier post, there's no multiple-VLAN-over-one-interface support in the GUI, but you can work around that in the CLI</li><li>the DSM web interface counts VLAN-tagged packets twice in its "Total Network" graph. The per-interface/per-bond counters are correct however. PS that looks like the bug I solved three years ago in dstat 0.7.0!</li><li>a Synology RAID group is used as an LVM volume group. Volumes and block-based iSCSI LUNs you create afterwards are implemented as LVM logical volumes. 
File-based iSCSI LUNs are just placed on formatted volumes like other files.</li><li>the SSD cache can only be used for one LVM logical volume! Read on for a manual workaround.</li><li>activating or deactivating the SSD cache for a volume means stopping all services temporarily.</li><li>both SSDs are configured as a software RAID0 volume, with 64KB segments.</li><li>the SSD partitions aren't aligned at all. Makes sense I guess. The regular disk partition for data is aligned at a 512MB boundary. PS the swap partition is aligned at a 128MB boundary, and the DSM root partition is aligned at 128KB.</li><li>Synology implements its SSD cache feature using the "flashcache" driver in Linux (the one Facebook developed). Flashcache has three caching modes (writeback, writethrough, writearound) of which Synology currently uses <b>writearound</b> in DSM4.1. Just like writethrough this only accelerates read performance, as is clearly indicated in Synology documentation. If you insist on having write cache as well &nbsp;- with all the consequences that brings! - you could manually change this mode to writeback. Not supported of course. 
See&nbsp;<a href="https://github.com/facebook/flashcache/blob/master/doc/flashcache-sa-guide.txt" target="_blank">the flashcache doc</a>&nbsp;for details on the three modes.</li><li>if you absolutely need SSD cache for multiple volumes, another manual tweak is possible: dividing your SSDs into multiple partitions, making different md RAID0 devices from those, and activating those as flashcache for multiple volumes.</li></ul><div>Get info from your own Synology device using:</div><div># fdisk -u -l /dev/sdk; fdisk -u -l /dev/sdl&nbsp;</div><div>(sdk and sdl are the two SSDs in a 10-bay Synology, where sda..sdj are the 10 regular disks)</div><div># cat /proc/mdstat</div><div># dmsetup table cachedev_0</div><div># dmsetup status cachedev_0</div><div># vgdisplay -v vg1</div>
http://virtwo.blogspot.com/2013/01/synology-rs3413xs-tech-notes.html
noreply@blogger.com (Bert de Bruijn)

Multiple VLANs on a Synology NAS
Tue, 01 Jan 2013 16:03:00 +0000 (updated 2013-01-06T15:47:59.706+01:00)
Tags: home lab, NAS, Synology

Synology, like other SOHO/SMB NAS vendors, touts VLAN functionality with their current DSM 4.1 software. 
However, the web interface just lets you specify one VLAN tag to use over each eth interface (or bond interface).<br /><h4>Manual approach</h4>In the busybox environment that you can ssh into as root (after enabling ssh through the web interface), there are, however, all the tools you need to use multiple VLANs over one link (eth or bond):<br />First you insert the 802.1q module into the Linux kernel: <br /><blockquote class="tr_bq">&nbsp;/sbin/lsmod | /bin/grep -q 8021q || /sbin/insmod /lib/modules/8021q.ko</blockquote>Then you add each VLAN you need to every interface (bond0 in this example)<br /><blockquote class="tr_bq">&nbsp;/sbin/vconfig add bond0 4</blockquote>And finally you can configure IP addresses on every interface.vlan combination (bond0.4 in this example) <br /><blockquote class="tr_bq">&nbsp;/sbin/ifconfig bond0.4 192.168.4.1 broadcast 192.168.4.255 netmask 255.255.255.0</blockquote>The same type of script would work on a QNAP NAS too, by the way. They offer 8021q.ko and vconfig in their commandline environment as well.<br />Packets from the bond0 interface leave the device untagged, packets from the bond0.4 interface leave with a tag specifying VLAN 4.<br />Be aware that these settings only last until the next reboot.<br /><br /><h4>Synology approach (future?)</h4>Synology has its own set of utilities that are used by the web interface to manage devices. The network interface settings are managed by /usr/syno/sbin/synonet. This utility sets up bonded interfaces, IP addresses, and VLAN entries. However, the utility has the same limitations as the web interface (for unknown reasons): creating a VLAN unconfigures the untagged interface you're working on, and you can't add a second VLAN on the same interface.<br />It would be nice if synonet could get multi-VLAN support, as all the necessary options seem to be there already. 
Feature request, Synology?
http://virtwo.blogspot.com/2013/01/multiple-vlans-on-synology-nas.html
noreply@blogger.com (Bert de Bruijn)

Buying the right NAS device for your home lab.
Sun, 23 Dec 2012 20:53:00 +0000 (updated 2012-12-25T12:25:21.062+01:00)
Tags: home lab, NAS

Buying the right NAS device for a vSphere home lab is not an easy task. This blog post documents the decision process you should go through IMHO.<br /><br />First, decide which data you are going to put on it. Lots of people buy a NAS for secondary data only (i.e. backups), but in a home lab, there's probably primary data too. <u>How important is the data</u>, and do you require a backup of this primary data?<br /><br />Then, think about <u>the volume of data</u> you need. Is it 1TB, more like 5TB, or rather 10TB?<br /><br />Number three, protection level. No one wants to lose data, but how badly? Surviving one disk failure is a minimum, but a RAID5 set enters its "danger zone" when that happens. That means an additional failure will make you lose all the data on the set. The danger zone ends after you've replaced the failed disk and its contents have been rebuilt. RAID6 enters the danger zone after losing a second device before the first is rebuilt. <u>Know your danger zone</u>!<br /><br />A fourth decision is speed. Bandwidth is a concern to some, but on a Gbit switch, a device with 4 or more disks can often saturate that bandwidth. Multiple Gbit links can help if more bandwidth is needed. But <u>the most important performance indicator is IOPS</u>. Knowing how many IOPS you want is extremely difficult, but once you arrive at a figure, getting the IOPS is a matter of spreading your data over enough individual disks. One WD Caviar Red drive can do about 112 write IOPS or 45 read IOPS of 4 KB. Caching can greatly improve host-facing IOPS as well. 
<a href="http://www.storagereview.com/western_digital_red_nas_hard_drive_review_wd30efrx" target="_blank">This article</a> gives a great view on the world of disk bandwidth, IOPS and latency.<br /><br />You should also know which protocols your NAS will need to speak, but as most do CIFS, NFS and iSCSI anyway, most use types are covered. If you need specialty features like replication, filter on that too. Also, is your device really supported? The actual support might not matter for a home lab, but it's the strongest statement you can get that <u>it will work</u>.<br /><br />Conclusion: in most environments, this is going to lead to a NAS configuration with a <u>high number of slots</u> (forget the 2 to 4 bay models), and relatively <u>small disks</u> in those slots. And that is ... a<b> lot </b>more expensive than just adding 3TB drives until you reach the volume you need. As always, there's no such thing as a free lunch: you'll get what you pay for.
http://virtwo.blogspot.com/2012/12/buying-right-nas-device-for-your-home.html
noreply@blogger.com (Bert de Bruijn)

Boot device priority in a vSphere VM
Thu, 04 Oct 2012 22:21:00 +0000 (updated 2012-10-05T00:21:17.959+02:00)
Tags: sdk, VMware, vsphere

While playing around with the bios.bootDeviceClasses parameter (as shown in <a href="http://download3.vmware.com/sample_code/Perl/VMBootOrder.html">this example</a> ), we found out that<br /><br /><ol><li>a device not specified in allow: would still be used if all "allow:"ed devices are unusable (no CD connected, no PXE server found, etc.)</li><li>a device specified in deny: would still be used if all other devices are unusable.</li></ol><div>So contrary to what the documentation suggests, "allow:" will just move certain devices to the front of the boot device list, and "deny:" moves those devices to the end of the list.</div><div><br /></div><div>Hope this can help other people trying to make sense of setting boot 
order in a VM to achieve a specific behavior. In our case: get a VM to reliably boot from CD for automated deployment using the SDK.</div>
http://virtwo.blogspot.com/2012/10/boot-device-priority-in-vsphere-vm.html
noreply@blogger.com (Bert de Bruijn)

Too much redundancy will kill you
Tue, 18 Oct 2011 12:08:00 +0000 (updated 2011-10-18T19:08:43.392+02:00)

<p>A customer asked me to verify their vSphere implementation. Everything looked perfectly redundant, in the traditional elegant way: cross over between layers to avoid single points of failure. I had to break the bad news: too much redundancy can mean <b>NO redundancy</b>. <br/>In this case: host has 4 network interfaces (2x dual port card). VMs connect to a vSwitch, which has redundancy over vmnic0 and vmnic2 (using 1 port of each card). Another vSwitch for the storage traffic, same level of redundancy, using vmnic1 and vmnic3. Looking good.<br/>Then the physical level. 4 host interfaces, 2 interconnected network switches. The traditional |X| design connects the two interfaces of every card to different switches. Looking good.<br/></p><p>But looking at both configurations together, you'll see that every vSwitch gets connected to one physical switch. The sum of two crossed redundancy configurations equals no redundancy at all.<br/>Enabling CDP or LLDP can help you identify this problem, as you can identify on every interface which physical switch it connects to. In this case the CDP physical switch identifier was the same on vmnic0 and vmnic2, and again the same on vmnic1 and vmnic3. <br/>I advised changing the cabling to four straight || || connections, vmnic0 and vmnic1 to the left switch and vmnic2 and vmnic3 to the right switch. 
That re-introduces the redundancy they thought they had.</p>
http://virtwo.blogspot.com/2011/10/too-much-redundancy-will-kill-you.html
noreply@blogger.com (Bert de Bruijn)

vCenter Appliance and underscores in hostnames
Mon, 12 Sep 2011 19:44:00 +0000 (updated 2011-09-12T21:44:47.861+02:00)
Tags: VCSA, vSphere5

Found out the hard way: don't use underscores in hostnames. It's not allowed by DNS, and it breaks things. In this case: joining vCenter Server Appliance (VCSA) in an Active Directory doesn't work if the hostname of the appliance contains an underscore (_). It also doesn't work if the hostname is "localhost". <br />If your appliance uses DHCP, the appliance gets its hostname through reverse DNS. So in that case, it _is_ a freaking DNS problem.
http://virtwo.blogspot.com/2011/09/vcenter-appliance-and-underscores-in.html
noreply@blogger.com (Bert de Bruijn)

vSphere5 nested virtualization as seen in /proc/cpuinfo
Tue, 06 Sep 2011 20:33:00 +0000 (updated 2011-09-07T09:39:09.618+02:00)
Tags: nested virtualization, vsphere

I won't blog about the whole vhv.allow="true" procedure here, that's been covered elsewhere. But what does nested virtualization change in a VM? 
Well, the CPU features that are exposed change:<br />A regular 64-bit Linux VM sees<br /><blockquote># grep flags /proc/cpuinfo <br />flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc up arch_perfmon pebs bts rep_good xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes xsave avx hypervisor lahf_lm ida arat</blockquote><br />A 64-bit VM with nested virtualization enabled sees<br /><blockquote># grep flags /proc/cpuinfo <br />flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc up arch_perfmon pebs bts rep_good xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq <b>vmx</b> ssse3 cx16 sse4_1 sse4_2 popcnt aes xsave avx hypervisor lahf_lm ida arat <b>tpr_shadow ept vpid</b></blockquote><br />So the <b>vmx</b>, <b>tpr_shadow</b>, <b>ept</b> and <b>vpid</b> features are hidden from a normal VM, and are exposed when you enable nested virtualization.<br />N.B. These /proc/cpuinfo examples were created on vSphere5 running on a Sandy Bridge E31270 CPU. Other CPU generations will show a different flag set, but the four added features should be the same.
http://virtwo.blogspot.com/2011/09/vsphere5-nested-virtualization-as-seen.html
noreply@blogger.com (Bert de Bruijn)

Fri, 19 Aug 2011 08:56:00 +0000 (updated 2011-08-19T16:52:44.993+02:00)
Labels: linux, rsnapshot, ssh
SSH cipher speed
When setting up backups over SSH (e.g. rsnapshot with rsync over SSH), it's important to know that the default SSH cipher isn't necessarily the fastest one. In this case, the CPU-based encryption is the performance bottleneck, and making it faster means getting faster backups. 
<br />A test (copying a 440 MB file between a fast Xeon CPU (fast=no bottleneck there) and an Atom-based NAS) shows that the arcfour family of ciphers is clearly the fastest in this setup:<br /><table><tr><td>cipher</td><td>real time</td><td>user time</td><td>bandwidth</td></tr>
<tr><td>arcfour</td><td>0m9.639s</td><td>0m7.423s</td><td>45.7 MB/s</td></tr>
<tr><td>arcfour128</td><td>0m9.751s</td><td>0m7.483s</td><td>45.1 MB/s</td></tr>
<tr><td>arcfour256</td><td>0m9.856s</td><td>0m7.764s</td><td>44.7 MB/s</td></tr>
<tr><td>blowfish-cbc</td><td>0m13.093s</td><td>0m10.909s</td><td>33.6 MB/s</td></tr>
<tr><td>aes128-cbc</td><td>0m22.565s</td><td>0m20.129s</td><td>19.5 MB/s</td></tr>
<tr><td>aes128-ctr</td><td>0m25.400s</td><td>0m22.951s</td><td>17.3 MB/s</td></tr>
<tr><td>aes192-ctr</td><td>0m28.047s</td><td>0m25.771s</td><td>15.7 MB/s</td></tr>
<tr><td>3des-cbc</td><td>0m51.067s</td><td>0m48.018s</td><td>8.6 MB/s</td></tr>
</table><br />The default configuration of OpenSSH uses aes128-ctr, so changing the cipher to arcfour gets me a 2.5-fold increase in bandwidth here! Use the "Ciphers" keyword in .ssh/config or the "-c" command line parameter to change the order of preference of the available ciphers. YMMV.<br /><br />As a reference (cf. deinoscloud's comment), I ran "nc -l -p 3333" on the Atom side, and ran "cat file | nc atom 3333" on the Xeon:<br /><table><tr><td>cipher</td><td>real time</td><td>user time</td><td>bandwidth</td></tr>
<tr><td>cleartext</td><td>0m4.135s</td><td>0m0.311s</td><td>106.5 MB/s</td></tr>
</table>This shows that in the cleartext case, the CPU (user) time is not the bottleneck, and we're very close to using the full 1Gbps bandwidth.
http://virtwo.blogspot.com/2011/08/ssh-cipher-speed.html
noreply@blogger.com (Bert de Bruijn)

Mon, 15 Aug 2011 18:19:00 +0000 (updated 2011-08-15T20:19:52.572+02:00)
Dell's R210-II as vSphere home lab server
My VI3 and vSphere4 home lab consisted of whitebox PCs. For VI3 I used MSI based nonames, for vSphere4 I used Shuttle SX58j3. For the new vSphere5 generation, I wanted some real server hardware. Because of shallow depth requirements, the choice of rackmount servers was limited. I picked the Dell PowerEdge R210II instead of the sx58j3 because:<br />- on the vSphere HCL (the sx58j3s won't boot vSphere5 RC!)<br />- Sandy Bridge low TDP CPUs available (I got the E3-1270)<br />- onboard dual BCM5716 NICs support iSCSI offload (aka "dependent HW iSCSI")<br />- IPMI built-in (not tested yet)<br />- dense: 1U (the sx58j3 is about 4 units, but can fit 2 in 19")<br />- one free PCIe slot (The sx58j3 has 2 slots, but needs a VGA card)<br />- not incredibly expensive (up to 16GB RAM)<br />Downsides:<br />- only one free PCIe slot (max GbE NICs needs expensive quadport card)<br />- incredibly expensive (with 32GB RAM it's 3x the price of a 16GB config)<br />- can't buy without at least one disk. I'll be running from USB sticks.<br />
http://virtwo.blogspot.com/2011/08/dells-r210-ii-as-vsphere-home-lab.html
noreply@blogger.com (Bert de Bruijn)

Sat, 06 Aug 2011 15:05:00 +0000 (updated 2011-08-06T17:05:06.152+02:00)
Labels: https, linux, openssl
HTTPS SSL stops working because of old libraries
At a customer, a Linux workstation suddenly refused to open HTTPS sites. 
I verified recent package versions of both the browser (konqueror) and the libraries (kde, openssl); everything looked good, but it didn't work. This blog post serves as documentation for the fact that checking new software isn't enough, because in this case removing old openssl compatibility libraries solved the problem. The kio_http helper is not linked with openssl directly, and for some reason it must have tried to open one of the old openssl versions that were also installed. After erasing all versions between 0.9.5a and 0.9.6b, keeping the current 0.9.8e, konqueror had no problems opening HTTPS sites anymore.
http://virtwo.blogspot.com/2011/08/https-ssl-stops-working-because-of-old.html
noreply@blogger.com (Bert de Bruijn)

Wed, 22 Jun 2011 17:19:00 +0000 (updated 2011-06-22T19:19:37.781+02:00)
Labels: cisco, vsphere
Home lab switch
My home lab got upgraded with a new gigabit switch recently. The main improvement I wanted over the old Linksys SLM2024 I had: Cisco Discovery Protocol.<br />Based on that requirement and the budget, I selected the Cisco SG300-28 Small Business managed switch. The web interface is clearly improved compared to the SLM2024, and CDP is a real treat. Both vSphere ESXi and the cdpr utility under Linux decode the CDP information nicely. CDP is a great help to find errors in patch cable arrangement!
http://virtwo.blogspot.com/2011/06/home-lab-switch.html
noreply@blogger.com (Bert de Bruijn)

Fri, 01 Apr 2011 17:01:00 +0000 (updated 2011-04-01T19:01:40.551+02:00)
Logitech diNovo Mini keyboard lacks F-keys
I thought the Logitech diNovo Mini keyboard would be a perfect keyboard to keep in my basement rack for occasional maintenance activities on my Linux and vSphere servers. Turns out the diNovo Mini lacks F keys. Not even Fn-[number] will send the correct keycode. What a disappointment. 
The larger (but still small) diNovo Edge has function keys, but is far less suited to be left in a dusty environment like a basement rack. <br />Does anyone else know of a better solution?
http://virtwo.blogspot.com/2011/04/logitech-dinovo-mini-keyboard-lacks-f.html
noreply@blogger.com (Bert de Bruijn)

Wed, 30 Mar 2011 09:31:00 +0000 (updated 2011-03-30T11:39:02.605+02:00)
Weird vmnic numbering
After installing new Intel quad port Ethernet cards in vSphere ESXi machines, I had to figure out which physical port matched which vmnic number. Strange though it may sound, the mapping turned out to be (top to bottom as seen on the back of the card):<br /><br />A: vmnic2<br />B: vmnic3<br />C: vmnic0<br />D: vmnic1<br /><br />However, the PCI layout of most quad port cards makes this easier to understand: a quad port card is implemented as two dual port cards behind a PCI bridge chip. While enumerating the PCI bus, the VMkernel can find one bus first, enumerate the devices on it, then find the second bus, and enumerate the devices there.<br />In this case, the bottom bus was found first, and vmnics on it were counted top to bottom (vmnic0 and vmnic1). 
Then the top bus was found, and again vmnics on it were counted top to bottom (vmnic2 and vmnic3).
http://virtwo.blogspot.com/2011/03/weird-vmnic-numbering.html
noreply@blogger.com (Bert de Bruijn)

Mon, 28 Feb 2011 21:02:00 +0000 (updated 2011-03-01T11:39:09.754+01:00)
Labels: Hyper-V, marketing
When marketing and technical information meet: Hyper-V
While reading an <a href="http://blogs.msdn.com/b/virtual_pc_guy/archive/2011/02/18/hyper-v-cpu-scheduling-part-4.aspx">article about Hyper-V per-VM CPU settings</a>, I saw this in the FAQ:<div><br /></div><br />[BEGIN QUOTE]<div><p class="p1" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; line-height: 18px; font: normal normal normal 12px/normal Verdana; color: rgb(51, 50, 51); "><b>Why do you use percentage for the limit and reserve – and not MHz / GHz?</b></p><p class="p1" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; line-height: 18px; font: normal normal normal 12px/normal Verdana; color: rgb(51, 50, 51); ">Many people find it easier to think in MHz / GHz rather than percentage of a physical computer. They also argue that using a percentage means that as you move a virtual machine from computer to computer you may get different amounts of resource depending on the underlying capability.</p><p class="p1" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; line-height: 18px; font: normal normal normal 12px/normal Verdana; color: rgb(51, 50, 51); ">This is something that has been discussed extensively on the Hyper-V team, and while I do believe there is some merit in this approach, there are a number of reasons why we chose to use a percentage instead. 
Two key ones are:</p><p class="p1" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; line-height: 18px; font: normal normal normal 12px/normal Verdana; color: rgb(51, 50, 51); "> </p><ol class="ol1" style="list-style-type: decimal; "><li class="li1" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; line-height: 18px; font: normal normal normal 12px/normal Verdana; color: rgb(51, 50, 51); ">Predictable mobility<br /><br />If all your virtual machines have a reserve of 10% – you know that you can run 10 of them on any of your servers. The same would not be true if they all had a reserve of 250MHz. Given how important virtual machine mobility is to our users – we believe that this is something that needs to be easy to manage.<br /></li><li class="li1" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; line-height: 18px; font: normal normal normal 12px/normal Verdana; color: rgb(51, 50, 51); ">Not all MHz are the same<br /><br />1GHz on a Pentium IV is much slower than 1GHz on a Core i7. Furthermore – newer processors tend to be more efficient at virtualization than older processors, so the difference between the “bang for buck” that you get out of each MHz varies greatly between processor types. This means that in reality – defining a reserve or limit in MHz / GHz does not really give you a great performance guarantee anyway.</li></ol></div><div><br />[END QUOTE]</div><div>Even though this seems to be a list of technical arguments, the claims made are nonsensical:</div><div><ol><li>"we use a relative percentage instead of a fixed unit because we want you to be sure you can run a certain number of guests on any CPU." What?? Who says that my VMs will actually still run when they suddenly get only half of the power they needed, because they were moved to a CPU with half the horsepower? A reserve is supposed to be a guarantee, a limit is supposed to be just that: a limit. 
Even the examples they give for using a reserve or a limit would fail. A misbehaving app that sucks CPU will suddenly be allowed to use even more, just because it's now running on a faster CPU.</li><li>"Not all MHz are the same." That's not a very good reason to use percentages instead, is it? Are they claiming that every % _is_ the same?</li></ol>Dear Microsoft (and any other company reading this), please make your technical information technical, and correct. Do whatever you want with your marketing docs, but don't let the marketing seep into the technical documentation.</div>
http://virtwo.blogspot.com/2011/02/when-marketing-and-technical.html
noreply@blogger.com (Bert de Bruijn)

Mon, 28 Feb 2011 19:33:00 +0000 (updated 2011-02-28T20:42:10.225+01:00)
Labels: DNS, firefox, NFS
Every error is a DNS error.
Newly installed RHEL5 machine in an existing network. Users opening Firefox on the machine got an error "The bookmarks and history system will not be functional". The googlesphere suggested renaming places.sqlite and such, but that didn't help. Things began to clear up when I found errors on the NFS server that exports the home directory: "lockd: failed to monitor newmachine.companydomain". I checked the nfslock service, but it was running fine. Configuration files for NFS and autofs were identical to other machines that didn't show the problem. Then, like a bolt of lightning, it hit me: I had forgotten to create a reverse DNS entry for the new machine's IP. Forward DNS was OK, but reverse wasn't. That caused the NFS lock error, and that caused the Firefox error... 
The old saying is confirmed once more: every error is a DNS error.
http://virtwo.blogspot.com/2011/02/every-error-is-dns-error.html
noreply@blogger.com (Bert de Bruijn)

Sat, 19 Feb 2011 15:45:00 +0000 (updated 2011-02-19T17:05:38.345+01:00)
Labels: QNAP, VLAN
Link aggregation and VLANs on QNAP with firmware 3.4.0
The new QNAP firmware (3.4.0) supports 802.1q VLAN tagging, but you can't create multiple interfaces in different VLANs on the same physical interface through the web interface.<div>In the case of link aggregation (LACP 802.3ad for example), that means only 1 VLAN and 1 IP address can be used. </div><div>Fortunately, QNAP allows full access to the underlying Linux system. Adding a VLAN interface goes like this (the example uses VLAN 234):<div># /usr/local/bin/vconfig add bond0 234</div></div><div># ifconfig bond0.234 192.168.2.30 broadcast 192.168.2.255 netmask 255.255.255.0</div><div><br /></div><div>Of course, this change is not permanent: a reboot will not automatically start this interface. I'll blog about making it permanent later.</div>
http://virtwo.blogspot.com/2011/02/link-aggregation-and-vlans-on-qnap-with.html
noreply@blogger.com (Bert de Bruijn)